Commit a05a4830 authored by Jeff Layton

keys: update the documentation with info about "logon" keys

Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
parent af3a3ab2
...@@ -123,7 +123,7 @@ KEY SERVICE OVERVIEW ...@@ -123,7 +123,7 @@ KEY SERVICE OVERVIEW
The key service provides a number of features besides keys: The key service provides a number of features besides keys:
(*) The key service defines two special key types: (*) The key service defines three special key types:
(+) "keyring" (+) "keyring"
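Review bot: the literal count in "defines three special key types" will go stale the next time a key type is added, exactly as "two" did here; consider wording it without a number, e.g. "The key service defines the following special key types:", so this line does not need touching every time the list below grows.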
...@@ -137,6 +137,18 @@ The key service provides a number of features besides keys: ...@@ -137,6 +137,18 @@ The key service provides a number of features besides keys:
blobs of data. These can be created, updated and read by userspace, blobs of data. These can be created, updated and read by userspace,
and aren't intended for use by kernel services. and aren't intended for use by kernel services.
(+) "logon"
Like a "user" key, a "logon" key has a payload that is an arbitrary
blob of data. It is intended as a place to store secrets which are
accessible to the kernel but not to userspace programs.
The description can be arbitrary, but must be prefixed with a non-zero
length string that describes the key "subclass". The subclass is
separated from the rest of the description by a ':'. "logon" keys can
be created and updated from userspace, but the payload is only
readable from kernel space.
(*) Each process subscribes to three keyrings: a thread-specific keyring, a (*) Each process subscribes to three keyrings: a thread-specific keyring, a
process-specific keyring, and a session-specific keyring. process-specific keyring, and a session-specific keyring.
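Review bot: the new "logon" paragraph describes the description format in words only ("prefixed with a non-zero length string that describes the key subclass", "separated from the rest of the description by a ':'") but never shows the shape; adding a one-line illustration such as "<subclass>:<rest of description>" would make the required form unambiguous. The paragraph also states that the payload "is only readable from kernel space" without saying what a userspace read attempt observes; one sentence on how such a read fails (which error is returned) would spare readers having to test it.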